Add a diki-run Job deployment to the ComplianceScan reconciler #48
georgibaltiev wants to merge 1 commit into gardener:main
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@georgibaltiev: The label(s)
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Gardener seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it.
/cla
Successfully reached out to cla-assistant.io to initialize recheck of PR #48
AleksandarSavchev left a comment
Thanks, I have added some initial comments
| resources: | ||
| - configmaps | ||
| verbs: | ||
| - create No newline at end of file |
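Review bot: the `create` verb on the `configmaps` rule cannot be narrowed with `resourceNames`, because Kubernetes RBAC does not apply resource-name restrictions to create requests, so whichever subject this rule is bound to can create arbitrary ConfigMaps within the rule's scope. Keep the rule in a namespaced Role bound in the release namespace rather than a ClusterRole, and add a comment saying which ConfigMap the workload is expected to write.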
| - create | |
| verbs: | |
| - create | |
| subjects: | ||
| - kind: ServiceAccount | ||
| name: diki-run | ||
| namespace: {{ .Release.Namespace }} No newline at end of file |
| namespace: {{ .Release.Namespace }} | |
| name: diki-run | |
| namespace: {{ .Release.Namespace }} | |
| name: diki-run | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| {{ include "labels" . | indent 4 }} No newline at end of file |
| {{ include "labels" . | indent 4 }} | |
| labels: | |
| {{ include "labels" . | indent 4 }} | |
| LabelValueDikiOperator = "diki-operator" | ||
|
|
||
| // ConfigMapGenerateNamePrefix is the prefix for diki config ConfigMap names. | ||
| ConfigMapGenerateNamePrefix = "diki-config-" |
| ConfigMapNamePrefix = "diki-config-" |
We no longer use GenerateName. This name can be changed.
| return reconcile.Result{}, nil | ||
| } | ||
|
|
||
| if complianceScan.Status.Phase == v1alpha1.ComplianceScanRunning { |
In the deployResources we firstly set the phase to Running. It is possible that the deploy fails after setting to Running phase but before we upscale the `Job
| } | ||
|
|
||
| // DeployDikiRunJob creates a Kubernetes Job that runs the diki compliance scan. | ||
| func (r *Reconciler) deployDikiRunJob(ctx context.Context, complianceScan *v1alpha1.ComplianceScan, dikiConfigMapName string) (*batchv1.Job, error) { |
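Review bot: the doc comment above the function starts with `DeployDikiRunJob`, but the method is declared as the unexported `deployDikiRunJob`. Start the comment with the declared name so it follows Go doc-comment convention, and state in it what the `dikiConfigMapName` argument is used for.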
I think it would be best for this method to be in a separate file in this package named dikirun.go
|
|
||
| job := &batchv1.Job{ | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| GenerateName: "diki-run-", |
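Review bot: `GenerateName: "diki-run-"` in the Job's ObjectMeta gives every create call a fresh random suffix, so a reconcile that is retried after a partial failure can create a second Job instead of receiving AlreadyExists. A deterministic `Name` derived from the ComplianceScan makes the create idempotent and lets the reconciler look the Job up by name; if the UID is used for that, it needs an explicit `string(...)` conversion because `ObjectMeta.UID` is a `types.UID`.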
| GenerateName: "diki-run-", | |
| Name: "diki-run-" + complianceScan.UID, |
It would be best to use the same name format here as well. That way we can also find the job by its name. diki-run- can also be stored in a const
| }, | ||
| VolumeMounts: []corev1.VolumeMount{ | ||
| { | ||
| Name: "diki-config", |
Store diki-config in const
8d86205 to 20db5fa
How to categorize this PR?
/area usability
/kind enhancement
What this PR does / why we need it:
This PR refactors the reconciliation method for the `ComplianceScan` CRD within the `diki-operator`, by deploying a `diki-run` Job that performs the scan. The Job's completion/failure patches the `ComplianceScan`'s Status.
Which issue(s) this PR fixes:
Part of #3
Special notes for your reviewer:
Release note: